CVE-2024-3400

NVD Published Date: April 12, 2024 at 08:15 AM
NVD Last Modified: May 29, 2024 at 04:00 PM
Download Patch
Vulnerability ID
CVE-2024-3400
Severity
CRITICAL
Severity Score
10.0
Summary
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Mitigation and Patches
-
Exploits

https://www.exploit-db.com/exploits/51996

https://github.com/h4x0r-dz/CVE-2024-3400

https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan

https://github.com/0x0d3ad/CVE-2024-3400

https://github.com/ihebski/CVE-2024-3400

https://github.com/momika233/CVE-2024-3400

https://github.com/Yuvvi01/CVE-2024-3400

https://github.com/Chocapikk/CVE-2024-3400

https://github.com/ak1t4/CVE-2024-3400

https://github.com/AdaniKamal/CVE-2024-3400

https://github.com/zam89/CVE-2024-3400-pot

https://github.com/schooldropout1337/CVE-2024-3400

https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection

https://unit42.paloaltonetworks.com/cve-2024-3400/

https://unit42.paloaltonetworks.com/cve-2024-3400/

https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_telemetry_cmd_exec.rb

https://github.com/h4x0r-dz/CVE-2024-3400

https://github.com/0x0d3ad/CVE-2024-3400

https://github.com/W01fh4cker/CVE-2024-3400-RCE

https://github.com/Yuvvi01/CVE-2024-3400

https://github.com/ak1t4/CVE-2024-3400

https://github.com/AdaniKamal/CVE-2024-3400

https://github.com/Chocapikk/CVE-2024-3400

https://github.com/ihebski/CVE-2024-3400

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan

https://github.com/zam89/CVE-2024-3400-pot

https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection

https://github.com/momika233/CVE-2024-3400

https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400

https://github.com/schooldropout1337/CVE-2024-3400

Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE ID
CWE-77

Recent Publish

CVE-2024-4040

KB890830

CVE-2024-7023

CVE-2024-7024

CVE-2024-4657

See More ...

See SecOps Solution
in action

Schedule Demo